Wireless LANs/IEEE 802.

11x
Objectives
Discuss the basic differences between wireless LANs and wireless mobile systems. Discuss the evolution of the IEEE 802.11 standard and its extensions IEEE 802.11x. Discuss the fundamental differences between wired and wireless LANs. Explain the basic architecture of IEEE 802.11 wireless LANs. Discuss the services offered by the wireless LAN MAC sub-layer Discuss the MAC layer operations used to access and join a wireless network.

Objectives
Explain the basic details of WLAN FHSS and DSSS physical layers. Discuss the adoption of the higher-rate IEEE 802.11x standards and the technical details of IEEE 802.11b/a/g. Discuss the present status of wireless LAN security as embodied by IEEE 802.11i. Discuss the status of competing wireless LAN technologies. Discuss typical wireless LAN hardware and system deployment strategies.

Wireless LANs/IEEE 802.11x

Introduction to IEEE 802.11x Technologies
Background Initial standard Present status of standard Applications: Wi-Fi hot spots Moores Law and WLANs The beginnings - ALOHA-Net The ISM bands Maturation of the technology

Evolution of Wireless LANs

Characteristics of wireless LANs

ALOHA Net
Radio and network technology combined Computers at seven campus communicate with central computer at university of Hawaii Star topology Radio based LAN uses ISM band located between 920 GHz to 5.85 GHz

The original ISM band

Evolution of Wireless LANs

Extensions to 802.11
802.11b/a/g-11mbps at 2.4GHz/54mbps at 5GHz and 54mbps at 2.4GHz 802.11d- requirements and definitions 802.11e - enhance 802.11MAC, quality of services 802.11f- IAPP for multiple vendor access point interoperability across DS 802.11h Network management and control function 802.11i- enhance security and authentication 802.11j- enhance standard at 2.4 & 5GHz 802.11k enhance radio resource measurement, mobility management 802.11ma- editorial and technical correction 802.11n- enhance data rate upto 100mbps

Evolution of Wireless LANs

Extensions to 802.11 802.11p- communicate between vehicle at speed upto 200km over 1000m,enhance mobility and safety 802.11r- enhance basic service set to extended service set to prevent disruption in data flow 802.11s- wireless LAN mesh, protocol for auto configuring and multihope technology in ESS 802.11u- enhance IEEE802.11 MAC and PHY, internetwork to other network 802.11v- enhance wireless network management to IEEE802.11 MAC and PHY

Layer 1: Overview
WLAN radio cards WLAN access points Ad hoc or peer-to-peer connection WLAN radio link The radio cards and the access points contain radio transceiver hardware that provides the radio link for the transmission of data back and forth between the two units.

Design issues
In a wired LAN, an IP address is equivalent to a physical location or a hardwired connection. In a WLAN, the addressable unit is known as a station (STA). Wired (point-to-point) connections yield highly predictable and reliable transmission of signals whereas wireless radio links are highly unreliable. WLAN radio link signals are not protected from outside EM interference. WLAN radio links experience time-varying multipath effects. This consequence of the use of wireless is sometimes referred to as the hidden station effect. IEEE 802.11 is required to handle both mobile and portable stations and deal with battery-powered equipment.

IEEE 802.11 Design Issues

Independent basic service set networks
Definition of a WLAN station Basic service set Ad hoc networks BSS architecture

IEEE 802.11 Design Issues

Distributed system concepts
Function Logical services

Extended service set networks

Concept and implementation

IEEE 802.11 Design Issues

Integration of wired and wireless LANs
Connection of wireless LANs to the wired LAN WLAN portal
Logical function

IEEE 802.11 SERVICESLAYER 2: OVERVIEW

Relationship of IEEE 802.xx standards to the OSI layers

Logical architecture of the IEEE 802.11 standard Logical architecture of the IEEE 802.11 standard

IEEE 802.11 Services

Layer 2: Overview of services

Distribution Association, Re-association, and Disassociation Access and security control services Relationships between services

Distribution
Every time a data message is sent either to or from a station that is part of an ESS. Consider the transfer of a data message from a station in one BSS to a station in another BSS where both BSSs are of an ESS network. The message from the originating station is transferred to the station/AP that connects' to the DS. The AP hands off the message to the DS. The DS delivers the message to the AP/station of the destination BSS and the data message is finally transferred to the destination station.

Association, Reassociation, and Disassociation

Before a station is allowed to send a message via an AP, it must first become associated with the particular AP. The process of becoming associated with an AP invokes the association service that initiated by station. This service provides a many-to-one mapping of stations to APs for use by the DS.

Association, Reassociation, and Disassociation

At any given time, a wireless station can only be associated with one AP and at the same time an AP can be associated with many stations. When first powered up, a station scans the radio link to learn what APs are present and then requests to establish an association by invoking the association service. The reassociation service is invoked to support BSS-transition mobility within an ESS network. Reassociation is also always initiated by a WLAN station. If the station moves within the ESS network to another BSS. the reassociation process will provide the DS with a correct up-to-date mapping of the station/AP relationship. Stations attempt to disassociate whenever they leave a network, and APs may need to disassociate stations to enable the removal of an AP from a network

Access and Security Control Services

The IEEE 802.11 standard supports several authentication processes including open system and shared key. In both cases, the authentication provided between stations is at link level. This station service allows a single station to be authenticated with many other stations at any given time. A complementary service is deauthentacation. Whenever an existing authentication is to be terminated, the deauthentication service is invoked. Deauthentication is similar to disassociation in that when it is invoked it also performs the disassociation function.

Relationships between services

IEEE 802.11 MAC Layer Operations

The MAC sub layer provides wireless network operations to wireless stations: accessing the wire-less medium, joining a network, and authentication and privacy. There are three types of MAC frames: control, management, and data. Control frames are used to assist in the delivery of data frames. Management frames are used to establish initial communications between stations and access points. Data frames carry information o MAC services o LLC/MAC layer service primitives o MAC basic frame structures o Frame types: management, control, data o Frame control field details

IEEE 802.11 MAC Layer Operations

MAC services In the IEEE 802.11 standard all wireless stations support asynchronous data service. This asynchronous transport of MSDUs is performed on a "best-effort" connectionless basis using unicast, multicast, and broadcast transport. The security services in IEEE 802.11 are provided by the authentication service and the WEP encrypt mechanism

LLC/MAC layer service primitives

Primitives are having the following basic forms: request, confirm, indication, and response. Through the use of the, primitives, a layer may request another layer to perform a specific service, a layer may confirm the results of .i previous service primitive request, a layer may indicate the occurrence of a significant event, or a layer ma;, provide a response primitive to complete an action that was initiated by an indication primitive.

MAC basic frame structures

Each MAC frame consists of the following basic components: a MAC header, a variable length frame body, and a frame check sequence (FCS). The MAC header consists of several fields including frame control, duration, address, and sequence control information, The frame body contains information that is specific to the frame type. The FCS contains an IEEE 32-bit cyclic redundancy code (CRC). The four address fields in the MAC frame format are used to indicate the basic service set identifier (BSSID), destination address (DA), source address (SA), receiver address (RA), and transmitter address (TA) (although not all at the same time). Each address field is 48 bits in length The group address can be one of two types, either a multicast group or a broadcast group (i.e., all of the stations presently active in the wireless LAN). The BSSID field is used to uniquely identify each BSS. The sequence field consists of 16 bits that are composed of two subfields of 4 bits and 12 bits. The 12 bit field provides a sequence number for each MSDU and the 4-bit field provides a MSDU fragment number, if needed. The frame body field has a minimum length of 0 bytes and as shown in the figure can be as long as 2312 bytes.

IEEE 802.11 MAC Layer Operations

802.11 MAC layer operations accessing and joining a wireless network Operational details Collision window backoff time Point coordination function Beacon frame operation

WLAN: IEEE 802.11b

IEEE 802.11b PHY frame format

Channel selection (non-overlapping)

WLAN: IEEE 802.11a

Operating channels for 802.11a / Europe

Operating channels for 802.11a / US

OFDM in IEEE 802.11a

IEEE 802.11g
Details Bit rates: 54 to 6 Mbps ERP (Extended Rate Physical) layer operation DSSS-OFDM operation Successful successor of 802.11b, performance loss during mixed operation with IEEE 802.11b

IEEE 802.111WIRELESS LAN SECURITY

Types of Wireless LAN Security Problems Eavesdropping: the attacker listens to private communications or steals sensitive information by listening to wireless data traffic. MAC spoofing: the attacker is able to identify a valid MAC address of a legitimate network user and makes a copy of it to gain access to the wireless network. Dictionary attack: the attacker systematically tries all possible passwords in an attempt to determine the correct one and gain access to the network. Man-in-the-middle attack: the attacker impersonates a legitimate access point in order to gain sensitive user information (i.e., passwords and user names) from a legitimate user that has inadvertently attempted to associate with the rouge access point. Theft of service: the attacker gains Internet access through the Enterprise or home wireless LAN infrastructure resulting in charges for unauthorized use or the unauthorized sending of e-mail (spam) from the compromised network. Session hijacking: the attacker waits until a client has successfully authenticated to the network, sends a disassociation message to the client using the MAC address of the access point, and then starts sending traffic to the access point by spoofing the MAC address of the client.

IEEE 802.111WIRELESS LAN SECURITY

Initial IEEE 802.11 Security The original IEEE 802.11 standard included limited authentication protocols. The initial IEEE 802.11 authentication process supported MAC authentication of wireless clients and the standard allowed for what was known as wired equivalent privacy (WEP) encryption. Authentication Details IEEE 802.11 performs user authentication in the following fashion: only traffic from authorized MAC addresses will be allowed through the access point by checking the MAC address of the station requesting association against the access point's own database of valid users or through a RADIUS (remote authentication dial-in user service)

WEP Encryption Details

The WEP algorithm is symmetric in nature. The same key is used for both encryption and decryption. The WEP key used to encrypt wireless LAN traffic consists of two parts: a 24-bit initialization vector (IV) and a 40-bit user-defined key. The IV and the user key are combined to create a 64-bit composite key that is used to encrypt the user data during the transmission process. The 64-bit key is applied to a pseudorandom number generator (PRNG) at the same time the data stream is used to calculate an integrity check value (ICV) to prevent unauthorized modification of the data.

WEP encryption block diagram The ICV is appended to the data and the resulting data stream is mathematically combined with the correct length key sequence. Finally, the IV is broadcast with the encrypted data as the composite message.

WEP decryption block diagram

Figure shows the decryption process that occurs after reception of the transmitted data. The incoming PV is used to generate the required key sequence to decipher the incoming message. The integrity check algorithm is performed on the recovered data and the result is compared to the transmitted ICV. If the two values of ICV are not equal an error message is sent to MAC management.

IEEE 802.11iWPA Version 2

WPA version 2 or WPA2 employing the IEEE 802.1 H standard are known as robust security networks (RSNs). WPA2 to an advanced form of encryption known as AES (advanced encryption standard) In an effort to prevent a reoccurrences the WEP security problems, the international cryptographic community played an active role in the development of the IEEE 802.11 i standard. AES is a block cipher that was chosen for its robustness. Present, it resists all known techniques of cryptanalysis

COMPETING WIRELESS TECHNOLOGIES

HiperLAN2 and HiperLAN2 are the European equivalents of the IEEE 802.11x standards. HiperLAN1 and HiperLAN2 The HiperLAN project began in Europe and was ratified by the European Telecommunications Standards Institute (ETSI) in 1996 under the banner of the Broadband Radio Access Network (BRAN) organization. The second iteration of the standard (HiperLAN 1) calls for operation in the 5.2-GHz radio band, using GMSK modulation, with support for data rates up to 24 mbps. In 1998, the ETSI established a new project for BRAN based on wireless ATM. The ESTI started work on three main set of standards: HiperLAN Type 2(HiperLAN2) with 25-mbps data rates and indoor, local mobility, HiperAccess with 25-mbps data rates mil outdoor, fixed operation, and HiperLink with 155 mbps over a fixed backbone.

HomeRF and MMAC

A HomeRF working group was formed in 1998 with a goal of providing an open industry specification to le known as SWAP for the purpose of wireless home networking between PCs and consumer electronic devices. SWAP (shared wireless access protocol) was to operate at 2.4 GHz, use FHSS, and provide data rates of 1 and 2 mbps. The early versions of HomeRF were incompatible with IEEE 802.11b. In 2002 the group moved toward the endorsement of IEEE 802.11a as the next generation of wireless LANs.

MMAC -Multimedia Mobile Access Communication.

This is a fairly recent Japanese initiative that appears to have just as quickly faded away. Recall that IEEE 802.11j that has recently been adopted addresses the Japanese market. The IEEE 802. 11x standard has proven to be an impressive market leader and may soon prove to be the de facto worldwide standard for wireless LANs if that is not already the case.